Software Integrity

Archive for the 'Cloud Security' Category

 

7 things to consider when transitioning your applications to the Cloud

Written in coordination with Ugochukwu Enyioha Organizations are moving their applications to the Cloud (or using the Cloud as a starting point for application development) at an astonishing rate. According to Forbes, 73% of companies are planning to move to a fully software-defined data center within 2 years. The shift is motivated by three primary […]

Continue Reading...

Posted in Agile Methodology, Cloud Security, DevOps | No Comments »

 

A primer on protecting keys and secrets in Microsoft Azure

Supporting data confidentiality, including encryption keys and certificates, is a critical task. In cloud-hosted workloads, the requirements are even more complex as different actors need to mediate access to sensitive material. According to the Ponemon Institute’s 2015 Cost of Failed Trust Report, “Security professionals believe that, over the next two years, the risk facing every […]

Continue Reading...

Posted in Application Security, Cloud Security, Cryptography | Comments Off on A primer on protecting keys and secrets in Microsoft Azure

 

With comparisons to Heartbleed, Cloudbleed may affect millions

A researcher from Google disclosed on Thursday that private messages, API keys, and other sensitive data were being leaked by a major content delivery network to random requesters, a leakage that could affect up to 5.5 million websites. Like Heartbleed, which was co-discovered by the Synopsys team in Oulu, Finland, and Google in April 2014, […]

Continue Reading...

Posted in Application Security, Cloud Security, Fuzz Testing, Software Security Testing, Vulnerability Assessment | Comments Off on With comparisons to Heartbleed, Cloudbleed may affect millions

 

5 security industry buzzwords we love to hate

Computing security is an interesting space. One of the main aspects that makes it interesting is that there are many security terms that are ambiguous. With some words, we have no idea why we’ve come to use them! While these buzzwords aren’t going away any time soon, here is a list of buzzwords that most of the […]

Continue Reading...

Posted in Cloud Security, Ethical Hacking, Software Security Testing | Comments Off on 5 security industry buzzwords we love to hate

 

Examining containerization security challenges and solutions

Containerization is a relatively new way to host and deploy applications in comparison to the traditional hardware-based deployment or VM-based virtualization. It’s fast, cost effective, and efficient. But is it secure? Let’s find out. The concept of containerization. While Docker and containers are the talk of the town in the DevOps world, the concept of containerization […]

Continue Reading...

Posted in Cloud Security, Software Security Testing | Comments Off on Examining containerization security challenges and solutions

 

Cloud-based application security testing challenges and tips

Cloud computing has influenced IT delivery services (including storage, computing, deployment, and management) with the maturity of automation and virtualization technologies. With these maturing technologies, a major obstacle in the adoption of cloud computing is security. Cloud security testing, as a relatively new service model, allows IT security testing service providers to perform on-demand application security testing […]

Continue Reading...

Posted in Application Security, Cloud Security | Comments Off on Cloud-based application security testing challenges and tips

 

Hacking medical devices: 5 ways to inoculate yourself from attacks

A terrorist hacks into the US Vice President’s pacemaker to murder him. It happened on the Showtime series Homeland, but could it happen in real life? Most security experts agree that such a scenario is highly unlikely or even downright impossible. However, that doesn’t mean you should ignore the real security risks that medical devices […]

Continue Reading...

Posted in Cloud Security, Healthcare Security, Internet of Things, Medical Device Security | Comments Off on Hacking medical devices: 5 ways to inoculate yourself from attacks

 

Embracing the security benefits of the cloud infrastructure

Originally posted on SecurityWeek Less than ten minutes driving west from my home, you encounter a vast expanse of large, windowless buildings. Situated near them are impressive physical plants dedicated to cooling these buildings and providing back-up power in the case of a power failure. Whenever I drive past these complexes I always point them […]

Continue Reading...

Posted in Cloud Security, Software Security Testing | Comments Off on Embracing the security benefits of the cloud infrastructure

 

The IoT sky is falling: How being connected makes us insecure

Originally posted on SecurityWeek The first chunk of actual sky recently slammed into the ground with a resounding thud. The security community has been actively telling the world that the Internet of Things (IoT) is ripe for compromise and exploitation. Unfortunately, the public has shoved aside these “Chicken Little” warnings in hopes of getting all […]

Continue Reading...

Posted in Cloud Security, Internet of Things, Software Security Testing | Comments Off on The IoT sky is falling: How being connected makes us insecure

 

Learn to secure a cloud application in a single day

How can cloud applications build security in? This question may seem almost as limitless as the cloud itself. To get some answers, we sat down with John Roberts, Senior Security Consultant and resident Amazon Web Services (AWS) expert, to discuss Synopsys’ newest training opportunity. During our discussion, he puts the breadth of cloud security into perspective. […]

Continue Reading...

Posted in Cloud Security, DevOps, Security Training | Comments Off on Learn to secure a cloud application in a single day